[pkg-cryptsetup-devel] Bug#860981: CVE-2016-4484 still Exists

??. ? taisfmq at live.cn
Sun Apr 23 03:39:19 UTC 2017


Package: cryptsetup
Version: 2:1.7.3-3
Severity: critical

When logging in to an encrypted system, just press the ENTER button for about half an hour (or you may just put a stone on your keyboard) and you will be provided with an initramfs shell in which you or someone nasty can modify something and do an evil-maid attack, similar to CVE-2016-4484 just with a longer time. In short, the vulnerability is not resolved.

In [setup_mapping()](https://anonscm.debian.org/cgit/pkg-cryptsetup/cryptsetup.git/tree/debian/initramfs/cryptroot-script#n372) it exits rather than halts, and there is no check for the result of the decryption in [local](https://anonscm.debian.org/cgit/kernel/initramfs-tools.git/tree/scripts/local). The quick-and-dirty solution of this is to add `panic=3600` in the kernel parameters, forbidding the shell as in [panic()](https://anonscm.debian.org/cgit/kernel/initramfs-tools.git/tree/scripts/functions#n44).

Thank you very much!

I am using Debian GNU/Linux 9.0, kernel 4.9.0-2-amd64 and libc6 2.24-10.
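The mitigation the report points at is the `panic=` kernel parameter: when it is set, the initramfs `panic()` hook waits and reboots instead of handing out an interactive shell after the root device could not be unlocked. The script below is an added example written for this page; it is not code from the bug report, from cryptsetup or from initramfs-tools. It models that branch in a simplified form (a missing or malformed `panic=` value is treated as "no timeout", and negative values, which have their own meaning to the kernel, are out of scope), and the command lines it parses are constructed rather than read from `/proc/cmdline`.

```shell
#!/bin/sh
# Added example (not from the bug report, cryptsetup or initramfs-tools):
# a small model of how an initramfs failure hook can honour the
# panic=<seconds> kernel parameter instead of dropping to a root shell.
# Command lines are constructed below; a real hook would read /proc/cmdline.

# Extract the value of panic=<seconds> from a kernel command line.
# Prints the timeout, or 0 when the parameter is absent or not a
# non-negative integer (simplification: the real hook only tests for
# presence of the value).
get_panic_timeout() {
    cmdline=$1
    timeout=0
    # Word-splitting on whitespace is intended: each word is one parameter.
    for arg in $cmdline; do
        case "$arg" in
            panic=*) timeout=${arg#panic=} ;;
        esac
    done
    # Reject empty or non-numeric values so "sleep" never gets garbage.
    case "$timeout" in
        ''|*[!0-9]*) timeout=0 ;;
    esac
    echo "$timeout"
}

# Decide what the initramfs does once unlocking the root device has failed.
# Prints "reboot" (wait <timeout> seconds, then reboot, no shell offered)
# when a timeout is configured, otherwise "shell" (interactive recovery
# shell on the console, the behaviour the report objects to).
failure_action() {
    timeout=$(get_panic_timeout "$1")
    if [ "$timeout" -gt 0 ]; then
        echo "reboot"
    else
        echo "shell"
    fi
}

# Demonstration with constructed command lines: the default offers a shell,
# the hardened line from the report (panic=3600) does not.
for cl in "root=/dev/mapper/sda3_crypt ro quiet" \
          "root=/dev/mapper/sda3_crypt ro quiet panic=3600"; do
    echo "$cl -> $(failure_action "$cl")"
done
```

To check whether a running system has the parameter in effect, inspect the live command line with `cat /proc/cmdline`; if `panic=` is absent there, the initramfs will still offer the shell on unlock failure regardless of what the bootloader configuration file says.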


